5 Cybersecurity Threats Private Companies Were Faced With in 2019

The number of cyberattacks continues to grow each year, and 2019 has shown that the frequency is not slowing down. As more light has been shed on the topic, the public has grown more aware of the consequences of privacy breaches.

Private companies and small businesses need to be particularly concerned about their data. According to Cybint, nearly 60% of all companies have experienced some form of cybersecurity attack. Yet, most small businesses invest as little as $500 into their cybersecurity services.

A study by Forbes indicated that nearly $6 trillion worth of damages can result from breaches in cybersecurity by 2021. This is more than the global illegal drug trade and damages resulting from natural disasters combined!

To make things worse, 90% of all cyber crimes go unreported in the US. What this means is that there is a staggering need for an intrusion detection and prevention system in every company. It should be one that identifies and eliminates threats as well as prevents future threats.

Here is a rundown of the five biggest cybersecurity threats that dominated in 2019 to help you prepare your own cybersecurity strategy for 2020.

Ransomware Attacks

Ransomware is usually known for paralyzing systems. This is followed by a demand for ransom in the form of cryptocurrency. According to the Symantec Internet Security Threat Report 2019, 81% of infections in 2018 were experienced by businesses.

Ransomware is a type of malware program that uses cryptoviral extortion. The program encrypts a user’s files or the whole system itself. To decrypt them, a ransom must be paid. However, making the payment is no guarantee that the ransomware attackers will hand over the decryption keys.

Even the FBI is concerned about ransomware attacks. These attacks aren’t just targeting companies and governments; they’re also targeting hospitals and other healthcare facilities. Particularly malicious ransomware includes the destructive strain LockerGoga, which has attacked industrial and manufacturing firms. Other well-known ransomware attacks include WannaCry and NotPetya. These types of attacks are usually spread through phishing emails and are becoming increasingly sophisticated. To better protect your organization, it’s wise to partner with a cybersecurity and compliance specialist.

Phishing

Phishing is one of the oldest tricks in the book to hack computers. However, it’s still as widespread and dangerous today as it ever was. In 2018, 43% of all UK SMEs reported that they had experienced phishing attempts. Nearly 67% claimed it had resulted in a successful attack. This report came from CybSafe and also highlighted that email phishing was identified as a major threat.

A 2018 compilation of 15,000 security surveys by Help Net Security revealed that 83% of global respondents experienced phishing.

Most of these types of attacks focus on credential compromise. Phishing tries to dupe your email system by mimicking certain commonalities in the emails that you receive. Attackers make subtle changes to the subject line, the first or last name of the sender, or the content. This has proved successful in duping email clients even with their level of security. These types of phishing attacks have been labeled as polymorphic. Due to their adaptability, they’re particularly hard to defend against. Since they’ve been so widely labeled as dangerous and are easy to distribute, companies should particularly watch out for them.
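The following added example (not from the original article) shows one defensive response to the variation described above: grouping messages whose sender name, subject and body differ only slightly, where an exact-match rule sees nothing in common. The sample messages, the field weights and the 0.8 threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample mail (not real messages): three variants of one lure
# and one unrelated message.
MESSAGES = [
    {"id": 1, "sender": "Alice Morgan",
     "subject": "Invoice 4471 overdue - action required",
     "body": "Please review the attached invoice and confirm payment today."},
    {"id": 2, "sender": "Alice Morgen",
     "subject": "Invoice 4472 overdue - action needed",
     "body": "Please review the attached invoice and confirm your payment today."},
    {"id": 3, "sender": "Alicia Morgan",
     "subject": "Invoice 4480 overdue: action required",
     "body": "Kindly review the attached invoice and confirm payment today."},
    {"id": 4, "sender": "IT Helpdesk",
     "subject": "Scheduled maintenance on Saturday",
     "body": "The file server will be offline from 22:00 to 23:00 for patching."},
]

def similarity(a, b):
    """difflib ratio in [0, 1], ignoring case and extra whitespace."""
    a, b = " ".join(a.lower().split()), " ".join(b.lower().split())
    return SequenceMatcher(None, a, b).ratio()

def message_score(m1, m2):
    """Weighted similarity over the fields a polymorphic campaign varies.
    The weights are an assumption for this example."""
    return (0.3 * similarity(m1["sender"], m2["sender"])
            + 0.3 * similarity(m1["subject"], m2["subject"])
            + 0.4 * similarity(m1["body"], m2["body"]))

def cluster_campaigns(messages, threshold=0.8):
    """Greedy clustering against each cluster's first message."""
    clusters = []
    for msg in messages:
        for cluster in clusters:
            if message_score(cluster[0], msg) >= threshold:
                cluster.append(msg)
                break
        else:
            clusters.append([msg])
    return [[m["id"] for m in c] for c in clusters]

def exact_duplicates(messages):
    """What an exact-match rule finds: ids identical in all three fields."""
    seen = {}
    for m in messages:
        key = (m["sender"], m["subject"], m["body"])
        seen.setdefault(key, []).append(m["id"])
    return [ids for ids in seen.values() if len(ids) > 1]
```

Calling `cluster_campaigns(MESSAGES)` groups the three invoice variants into one campaign, while `exact_duplicates(MESSAGES)` finds no match at all among the same messages.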

Supply Chain Attacks

Supply chain attacks usually come from counterfeit vendors that push out illegitimate software updates. The updates are used to sneak into your system and carry out the attack. One of the most prominent examples is the NotPetya attack. Russian hackers used malware to compromise the update mechanism for a Ukrainian application. This type of malicious hacking has been a signature of 2019.

In March of 2019, intelligence firm Kaspersky published a report that disclosed a supply chain attack on Asus. The latter, an electronics maker, suffered the attack in the last half of 2018. The attack compromised the company’s live update tool. This allowed the malware to be pushed to nearly 1 million customers. The malware was accepted by the million customers since it was signed with a real Asus certificate.

These types of attacks are especially dangerous since they use a trusted system to deliver the attack. This can be very dangerous for companies that are depending on cloud services or are using different CRMs. Their entire systems can be compromised through updates. Since they trust the vendor to deliver the updates, this can result in millions worth of damages.

Formjacking

Nearly 5,000 unique websites were compromised every month in 2018. This was done through formjacking, which is a method of hijacking the personal and professional details of a user through internet forms. Your credit card numbers and banking details can all be stolen through these forms. These methods can be used on e-commerce websites as well as any website with a checkout page.

Corporations that deal with large wire transfers and payments need to reinforce their systems with authentication mechanisms. Things like 2-factor authentication can only take you so far. You need to get in touch with compliance professionals to keep your systems up to date.

Cryptojacking (Cryptocurrency Hacking)

Cryptojacking is a type of malware which uses your computer or mobile device’s processing power to mine cryptocurrency. This type of threat can compromise any sort of device, including desktops, smartphones and network servers. These types of malware usually sneak onto a system along with P2P downloads. The frequency of these threats has decreased considerably in 2019 compared to 2018, but millions of incidents are still occurring.

Hundreds of millions of dollars were stolen from cryptoexchanges in 2018. The biggest one occurred at CipherTrace, where $927 million was stolen in crypto assets. This trend may increase as cryptocurrency is more widely accepted as a form of currency in the US and abroad.

Private companies that deal with crypto-assets should be particularly cautious because of this threat. Since crypto-assets are always fluctuating in value, the loss of a single unit may translate to the loss of thousands of dollars.

Cybersecurity attacks became more widespread and malicious through 2019 and will continue to grow in presence. Understanding the current threat landscape can help you protect your data, but protection should always be a proactive and collaborative effort.

Sanjay Deo

Sanjay Deo is the President and Founder of 24by7security.com. He’s responsible for all business and corporate development at the company as well as execution of strategic plans. He is a Board Member at the South Florida CIO Council and is Co-Chair of the South Florida CISO Forum.